Docker手册

编程语言 2018-05-16 12:52:54 阅读次数: 3

Docker

安装Docker

curl -sSL https://get.daocloud.io/docker | sh
# 或
curl -sSL http://acs-public-mirror.oss-cn-hangzhou.aliyuncs.com/docker-engine/internet | sh
# 查看版本
docker -v
# 启动服务
systemctl start docker
systemctl enable docker
# 验证docker安装成功
docker run hello-world

Docker命令

容器命令

  • 查看命令
# 查看所有容器包括停止的
docker ps -a

# 查看运行容器状态
docker ps

# 查看最后一次运行容器信息
docker ps -l

# 查看容器日志
docker logs <ID|容器名称>

# 进入容器
docker exec -it <ID|容器名称> /bin/bash

# 查看容器详情
docker inspect
  • 操作命令
# 停止容器
docker stop <ID|容器名称>

# 启动之前已经停止的docker_run镜像
docker start <ID|容器名称>

# 删除容器(需停止容器后再删除)
docker rm -f <ID|容器名称>

关于RUN指令的更多

镜像命令

  • 查看命令
# 查看本地所有镜像
docker images
  • 操作命令
# 运行镜像
# docker run --name yijitomcat --privileged -p 8080:8080 -v $PWD/tomcat/logs:/home/apache-tomcat-8.5.31/logs --mount type=volume,src=$PWD/tomcat/conf,dst=/home/apache-tomcat-8.5.31/conf -d mytomcat
docker run --name <容器名称> --privileged -p <宿主机映射端口>:<容器被映射端口> -v <宿主机映射目录>:<容器被映射目录> -d <镜像名称|镜像ID>
# 删除镜像
docker rmi <imageId>
# 拉取镜像
docker pull <镜像名称:版本>
# 查找镜像
docker search <镜像名称>

Volume相关操作

# 新增卷
docker volume create --name volumeName

# 查看卷详情
docker volume inspect myVolume

# 查看卷列表
docker volume list

# 挂载到镜像
docker run -d --name yijitomcat -v volumeName:/home/tomcat mytomcat

# 删除镜像时删除挂载
docker rm -v -f yijitomcat

# 查看孤卷
docker volume ls -qf dangling=true

# 删除孤卷
docker volume rm $(docker volume ls -qf dangling=true)

# 授权一个容器访问另一个容器的Volume
docker run -d --volumes-from <另外一个容器> -t <tag> <镜像名称>

Volume官方文档

TOP

Docker的持久化和还原

持久化镜像

docker save <imageId>> /tmp/save_image.tar

image

持久化容器

docker export <containerId> > /tmp/export_container.tar

image

导入持久化的镜像

# 加载镜像
docker load < /tmp/save_image.tar
# 为镜像打TAG
docker tag <imageId> load:tag

image

导入持久化的容器

# 注意,导入之后是生成新的镜像而不是容器!
cat /tmp/export_container.tar | docker import - <imageName>:<imageTag>

image

两种方式的比较

导出容器再导入为镜像的方式会丢失历史信息,而保存镜像再加载为镜像的方式不会丢失历史和层,可以做到层回滚,从下图两者的大小亦可看出些许端倪。
image

TOP

DockerFile

简单例子

docker build -t runoob/centos:6.7 .
  • -t :指定要创建的目标镜像名
  • . :Dockerfile 文件所在目录,可以指定Dockerfile 的绝对路径

搭建Tomcat镜像例子

FROM centos
LABEL maintainer jlcon@qq.com

WORKDIR /home
ENV LANG C.UTF-8
RUN echo "zhun bei zi yuan..."
# ADD可自动解压文件
ADD apache-tomcat-8.5.31.tar.gz /home
ADD jdk-8u171-linux-x64.tar.gz /home
ADD which /usr/bin

ENV CATALINA_HOME /home/apache-tomcat-8.5.31
ENV JAVA_HOME /home/jdk1.8.0_171
ENV PATH $CATALINA_HOME/bin:$PATH
ENV PATH $JAVA_HOME/bin:$PATH

CMD ["/home/apache-tomcat-8.5.31/bin/catalina.sh","run"]

自定义镜像

tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://nwgq096a.mirror.aliyuncs.com"], #镜像加速地址
  "insecure-registries":["192.168.116.148:5000"] # Docker如果需要从非SSL源管理镜像,这里加上。
  "max-concurrent-downloads": 10,
  "live-restore": true
}
EOF
systemctl daemon-reload
systemctl restart docker

加速器

curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://8431ce13.m.daocloud.io

[TOP]

Daemon.json 文件全览

{
    "authorization-plugins": [],
    "data-root": "",
    "dns": [],
    "dns-opts": [],
    "dns-search": [],
    "exec-opts": [],
    "exec-root": "",
    "experimental": false,
    "storage-driver": "",
    "storage-opts": [],
    "labels": [],
    "live-restore": true,
    "log-driver": "",
    "log-opts": {},
    "mtu": 0,
    "pidfile": "",
    "cluster-store": "",
    "cluster-store-opts": {},
    "cluster-advertise": "",
    "max-concurrent-downloads": 3,
    "max-concurrent-uploads": 5,
    "default-shm-size": "64M",
    "shutdown-timeout": 15,
    "debug": true,
    "hosts": [],
    "log-level": "",
    "tls": true,
    "tlsverify": true,
    "tlscacert": "",
    "tlscert": "",
    "tlskey": "",
    "swarm-default-advertise-addr": "",
    "api-cors-header": "",
    "selinux-enabled": false,
    "userns-remap": "",
    "group": "",
    "cgroup-parent": "",
    "default-ulimits": {},
    "init": false,
    "init-path": "/usr/libexec/docker-init",
    "ipv6": false,
    "iptables": false,
    "ip-forward": false,
    "ip-masq": false,
    "userland-proxy": false,
    "userland-proxy-path": "/usr/libexec/docker-proxy",
    "ip": "0.0.0.0",
    "bridge": "",
    "bip": "",
    "fixed-cidr": "",
    "fixed-cidr-v6": "",
    "default-gateway": "",
    "default-gateway-v6": "",
    "icc": false,
    "raw-logs": false,
    "allow-nondistributable-artifacts": [],
    "registry-mirrors": [],
    "seccomp-profile": "",
    "insecure-registries": [],
    "no-new-privileges": false,
    "default-runtime": "runc",
    "oom-score-adjust": -500,
    "node-generic-resources": ["NVIDIA-GPU=UUID1", "NVIDIA-GPU=UUID2"],
    "runtimes": {
        "cc-runtime": {
            "path": "/usr/bin/cc-runtime"
        },
        "custom": {
            "path": "/usr/local/bin/my-runc-replacement",
            "runtimeArgs": [
                "--debug"
            ]
        }
    }
}
  • debug: it changes the daemon to debug mode when set to true.
  • cluster-store: it reloads the discovery store with the new address.
  • cluster-store-opts: it uses the new options to reload the discovery store.
  • cluster-advertise: it modifies the address advertised after reloading.
  • labels: it replaces the daemon labels with a new set of labels.
  • live-restore: Enables keeping containers alive during daemon downtime.
  • max-concurrent-downloads: it updates the max concurrent downloads for each pull.
  • max-concurrent-uploads: it updates the max concurrent uploads for each push.
  • default-runtime: it updates the runtime to be used if not is specified at container creation. It defaults to “default” which is the runtime - shipped with the official docker packages.
  • runtimes: it updates the list of available OCI runtimes that can be used to run containers
  • authorization-plugin: specifies the authorization plugins to use.
  • allow-nondistributable-artifacts: Replaces the set of registries to which the daemon will push nondistributable artifacts with a new set of - registries.
  • insecure-registries: it replaces the daemon insecure registries with a new set of insecure registries. If some existing insecure registries in - daemon’s configuration are not in newly reloaded insecure resgitries, these existing ones will be removed from daemon’s config.
  • registry-mirrors: it replaces the daemon registry mirrors with a new set of registry mirrors. If some existing registry mirrors in daemon’s - configuration are not in newly reloaded registry mirrors, these existing ones will be removed from daemon’s config.

[TOP]

daemon-configuration-file详解

搭建私有仓库

拉取registry镜像

docker pull registry

打开防火墙

firewall-cmd --zone=public --add-port=5000/tcp --permanent

启动

docker run -d -p 5000:5000 --privileged=true -v /opt/registry:/tmp/registry registry
  • -d 是后台启动容器。
  • -p 将容器的 5000 端口映射到 Host 的 5000 端口。5000 是 registry 服务端口。
  • -v 将容器 /tmp/registry目录映射到宿主机的/opt/registry,用于存放镜像数据。
  • –privileged=true :CentOS7中的安全模块selinux把权限禁掉了,参数给容器加特权,不加上传镜像会报权限错误(OSError: [Errno 13] Permission denied: ‘/tmp/registry/repositories/liibrary’)或者(Received unexpected HTTP status: 500 Internal Server Error)错误

[TOP]

上传镜像到私服

# 通过 docker tag重命名镜像,使之与registry匹配。
docker tag <tagName> <ip>:<port:5000>/<name>:<版本号>
# 上传
docker push <ip>:5000/<name>:<版本号>
# 下载
docker pull <ip>:5000/wsf:v1
# 查看Registry中所有镜像信息
curl http://<ip>:5000/v2/_catalog

[TOP]

参考资料

[TOP]

Kubernetes

安装Kubernetes

参考资料

猜你喜欢

转载自blog.csdn.net/jlcon/article/details/80335384
今日推荐
《美国对全球网络空间安全与发展的威胁和破坏》报告发布
火速冲上 GitHub 热榜 —— 开源编程语言、框架哪有这么可爱?
北京人形机器人创新中心发布全球首个纯电驱拟人奔跑的全尺寸人形机器人“天工”
LFOSSA 源来如此公开课 | 掌握云原生未来:CNCF 认证全面攻略与备考秘籍
周排行
循环神经网络(rnn)讲解
Tigao教程四:单独的关节运动
金蝶K3WISE15.0-注册套打教程
如何在Mac上配置Kubernetes
Android应用结束自身进程的方法
SpringMVC学习 十三 拦截器栈
中国驻洛杉矶总领馆举行新春招待会
HttpClient get post 发送
11 - three.js 笔记 - 绘制三维字体模型
Mysql递归获取某个父节点下面的所有子节点和子节点上的所有父节点
每日归档
更多
2024-05-01(4)
2024-04-30(1)
2024-04-29(40)
2024-04-28(0)
2024-04-27(56)
2024-04-26(39)
2024-04-25(22)
2024-04-24(36)
2024-04-23(26)
2024-04-22(39)

代码天地 © 2018 codetd.com

境外服务器   最新电视剧2022